We help IT Professionals succeed at work.

Users Folder Security poblem Win 2008 Server

Hi, we have a small backup exe which we have running in a scheduled task.
However we are running into a permissions error on the users folder on Windows 2008 server.
We are getting access is denied errors. The exe has been setup to use the admin account in the task scheduler but this does not help. It copies the other data no problem, just the users folder which contains the users redirect documents folder. I have tried using the builit in Backup operator account for the scheduled task with no joy.

Watch Question

That brings up a lot of questions:
-is the user profile roaming? (if so, files may still be open in their session at backup time)
-is it necessary to backup that folder? (if not, exclude and move on)
-if user is local, is there any sync task set up to run during backup? (e.g. Windows Sync on the client PC with a scheduled task, or Allway Sync, SyncBack etc.) - should schedule the two at separate times or kill the sync during backup
-check file attributes for hidden or system (any *.ini or *.db files?)

If all else seems OK, try placing explicit NTFS permissions on the folder for the backup operator account.
What software handles your backup?
Network Administrator, Network Consultant
Top Expert 2011
right click on root folder of users files ,then properties -> security -> advance -> tick both
"include inheritable permission from object partent"
"replace existing inheritable permission" ..
as shown in picture , also check that you provided the correct credentials for scheduled backup task.



sorry for th edelay on getting back to you on this,
i will check and get back to u as soon as possible

I think you are allowing Windows to create the user folders automatically. By default, Windows only assignes permissions for the specified user with no admin access, hence, you will not be able to back it up.

There is a group policy setting that will automatically add admin permissions tothe users roaming profile directories.

From the server manager under Features, group Policy Management, edit the domain policy.
In gpedit window navigate to "Local Computer Policy->Computer Configuration->administrative Templates->System->User Profiles" and set the following settings:
1.Add the Administrators security group to roaming profiles : Enable
2.Set roaming profile path for all users logging into this computer :\\Servername\Sharedpath\%USERNAME%

This is really for roaming profiles but it may apply to your situation even if you are not actually using roaming profiles. You were not explicit.

This should work for folders that are created in the future. For existing folders, you will need to follow the advice from jordannet. However, if the permissions are exclusive to the each user, you may first have to grab ownership of the folder first before Windows lets you force the changes to permissions and you will need to add the admin group at the top level for the subdirectories to inherit.



Thanks for the help